Category: Security News

In June 2019, Google announced that the trip planner mobile app “Google Trips”, developed by Google for the Android and iOS operating systems, would end on August 5, 2019. The app, launched on the 16th of September 2016, allows users to plan their upcoming trips. It can summarize information about users’ destinations in categories such as day, reservations and things to do. It also provides the facility to locate flight, hotel, car, and restaurant reservations for the trip. To use this app, users need to log in to a Google account. The end of the app has worried the people who use it. However, the company is asking them to stay calm, as it is improving similar programs such as Maps and Search that allow the same tasks on mobile devices. Users also do not have to worry about the information that is stored in the application. Signing Read more

Experts from Hexway report that when Bluetooth is on, Apple devices let nearby users find out the phone number and other details of the person using the device. “If Bluetooth is ON on your Apple device everyone nearby can understand current status of your device, get info about battery, device name, Wi-Fi status, buffer availability, OS version and even get your mobile phone number”, report Hexway experts. Apple devices transmit BLE, or Bluetooth Low Energy (different from Classic Bluetooth in that it is designed for significantly lower power consumption), packets that carry the device’s position, battery charge, and much other data. This is part of the Apple Wireless Direct Link (AWDL) protocol, which also works over Wi-Fi to transfer data between neighboring devices. Darmstadt Technical University experts found problems in AWDL that can be used to track users, provoke device malfunctions and intercept files being transferred between devices using MitM attacks. Read more

SonicWall Capture Labs threat researchers reported a record-breaking 10.52 billion malware attacks in 2018. Among these attacks, the use of non-standard ports and the deployment of encrypted malware are increasing day by day. A non-standard port means a service running on a port other than the one assigned to it in the IANA port numbers registry. For example, ports 80 and 443 are the standard ports for web traffic. By using non-standard ports, cyber criminals spread malware so that their payloads go undetected in targeted environments. The researchers discovered more than 2.8 million (or 27% more than the previous year) encrypted malware attacks this year. The other highlight of the report is that a total of 2.4 million encrypted attacks were registered, an overall 76% increase year-to-date. In 2019, the research team observed that a quarter or more of malware attacks were coming through non-standard ports. The team also observed various new variants in the wild. The statistics showed 194,171 new Read more

Credentials from data leaks, hacks, phishing, and so on, accumulated over many years, have been sold on the “dark side” of the Internet to cyber criminals. This enables them to use the credentials in large-scale attacks. They can target big institutions, private organizations and government officials. According to Digital Shadows, a new model has gained popularity in the market. The credentials are not sold one time, but under a CaaS, or combolists-as-a-service, model. The services provide access to a constantly updated list of credentials. Users connect to the service through a subscription. Such services do not allow users to purchase separate lists. They have to automate this process. Researchers found that the CrackedTO underground forum promotes the DataSence service, a cloud provider of databases and credential sets. The databases of the service were constantly compiled and updated by attackers. “It’s not exactly Read more

Users have recently reported that the Netflix Android app requested permission to track their movements. The researcher behind BetoOnSecurity tweeted that Netflix had requested permission to access his Android phone’s physical activity sensors. “Hey @netflix why does your Android app want physical activity data? pic.twitter.com/Lv0QUL0w9g” — Beto on Shrooms on Security, Shitter of Posts (@BetoOnSecurity) July 27, 2019. TheNextWeb contacted Netflix for more information about this and got a response: “We are continually testing ways to give our members a better experience. This was part of a test to see how we can improve video playback quality when a member is on the go. Only some accounts are in the test, and we don’t currently have plans to roll it out.” Here the question may arise whether a streaming service provider such as Netflix really requires such access and how exactly they improve the Read more

The accused, Thompson, a former contractor of the company, was arrested. At Capital One, a card-issuing and banking institution (the fifth largest institution in the US), 106 million customers fell victim to a huge data breach. The culprit, named Paige A Thompson, accessed the databases starting from March 2019 for a month or so. He managed to steal information about customers who applied for a credit card between 2005 and 2019, the company said. The culprit was arrested but the investigation is still in progress. The affected users are from the US (100 million) and Canada (6 million). The stolen information includes names, dates of birth, bank account numbers, insurance numbers, credit score details and even balances and their limits. However, the logins, credit card numbers and social security numbers of most of the customers are secure, according to the company. “The largest category of information accessed was information on consumers Read more

British researcher Marcus Hutchins, also known online as MalwareTech, created a WannaCry kill switch and saved thousands of users. He was sentenced to time served and one year of supervised release on the 26th of July, when J.P. Stadtmueller (United States District Judge) read the verdict in Milwaukee County Court. When he was just 22, he was accused of developing and selling the banking credential-stealing malware Kronos, for which he faced six federal charges. He faced 10 years in jail and a $500,000 fine. After the sentencing on Friday the 26th, MalwareTech seemed happy. Here is what he tweeted: “Sentenced to time served! Incredibly thankful for the understanding and leniency of the judge, the wonderful character letter you all sent, and everyone who helped me through the past two years, both financially and emotionally.” Additionally, he thanked his lawyers who provided him help and will Read more

Intrusion Truth, a group of cybersecurity researchers, has revealed who exactly is behind the Advanced Persistent Threat (APT) codenamed APT 17, also known as Deputy Dog or Axiom. This is the group involved in hacks on private companies and government agencies this decade. Researchers at Cisco Talos attributed the attack to APT 17 and discovered that private companies were the targets of the campaign in which Floxif ransomware was distributed by compromising CCleaner and its software download service. This will be the 3rd cyber-espionage group Intrusion Truth has unmasked, after APT 3 and APT 10. The group has developed a reputation for revealing the people behind some of the larger cyber-espionage operations. Intrusion Truth uses a technique named doxing to uncover the identities behind APT groups. In the process, the hackers, or in this case cybersecurity researchers, retrieve and publish personal data of their targets. The list of the data Read more

The advent of new technologies over time could not displace Android, which has seeped into our smartphones, TVs and many of today’s other gadgets. The rise of this platform has brought an abundance of apps that run on it, and now we have an app for almost everything. It single-handedly helps with our daily tasks and has become an integral part of our leisure. We have Wynk, Gaana, TuneIn and similar apps for listening to music. If you want to binge-watch your favorite series on Android, you have apps like Netflix, Hulu and Amazon. The problem is that all of the aforementioned apps come under paid subscriptions, which means users have to pay a monthly or yearly subscription fee to use them or to access their full features and services, such as watching movies and TV shows. For those users who could not afford the subscription fee Read more

The consumer credit bureau Equifax, which suffered a huge data breach in 2017, agreed to settle with the Federal Trade Commission, the Consumer Financial Protection Bureau and 50 other U.S. states. The fine, which is at least $575 million and up to $700 million, is also set to settle the consumer class action lawsuit. Almost 150 Americans were affected by the breach. Equifax paid $175 million to the lawsuits with the District of Columbia and Puerto Rico and also suffered a penalty of $100 million to the Consumer Financial Protection Bureau. While announcing the agreement, the Commission stated that the credit firm has to pay $300 (which may increase up to $125 million based on total number of victims) million to the people who suffered from the breach. Compensation to the victims: The FTC’s statement allows victims to request the following from Equifax: Up to 10 years of free credit, for minors, this Read more